bolha.us

1 post1 participant0 posts today

SanjaymenonNetSPI’s Open LLM Security Benchmark: Balancing Security & Usability of Large Language Models (LLMs)<a href="https://github.com/NetSPI/Open-LLM-Security-Benchmark" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/NetSPI/Open-LLM-Security-Benchmark</a><a href="https://mastodon.social/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://mastodon.social/tags/llm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#llm</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/aisecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aisecurity</a>

0x40kAI in the security field? Yeah, it can definitely lend a hand, BUT let's be real here. Automated tools are just *not* a substitute for an experienced pentester's intuition and skills.Sure, these tools might flag the obvious vulnerabilities – the low-hanging fruit, if you will. However, the *real* breakthroughs, those crucial "aha!" moments? They almost always come from actual human brainpower and critical thinking.Plus, think about it: who's actually vetting the results the AI spits out? Without that critical human oversight, you could easily drown in a sea of "findings," completely unsure of what genuinely needs urgent attention. Security is so much more than just hitting 'scan'; it’s a continuous, evolving process! Definitely something to keep in mind.And on a related note, let's not forget the persistent threats out there. State-sponsored cyber warfare is a serious concern, and actors like Russia are definitely a significant force to reckon with in that arena.So, what's your experience been using AI in pentesting? Drop your thoughts below!<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>

IT NewsCloudflare turns AI against itself with endless maze of irrelevant facts - On Wednesday, web infrastructure provider Cloudflare announced a new featu... - <a href="https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/</a> <a href="https://schleuss.online/tags/largelanguagemodels" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#largelanguagemodels</a> <a href="https://schleuss.online/tags/machinelearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#machinelearning</a> <a href="https://schleuss.online/tags/aisecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aisecurity</a> <a href="https://schleuss.online/tags/cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudflare</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a>

OWASP Foundation👀 OWASP Global AppSec EU 2025 Barcelona Day 1 Agenda Sneak Peek!The full agenda is now live on our website, and we're kicking things off in Barcelona with an incredible first day! Join in on training sessions on AI Whiteboard Hacking, Full-Stack Pentesting, and iOS and Andriod App Security on day 1.👉 <a href="https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/home.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/home.html</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/AppSecEU2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSecEU2025</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Barcelona" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Barcelona</a>

0x40kOkay, so AI in Pentesting, huh? 🤖 It's definitely a hot topic! A lot of folks instantly worry about losing their jobs, but let's be real: aren't we pentester basically problem-solvers?Thing is, AI *can* actually help us speed up the simpler stuff. Think OSINT, CVE checks, and even report writing – AI could give us a boost there. And that would give us *more* time to focus on the really tricky hacks.But hey, a word of caution: AI is just a tool, folks. It's not a magic bullet. Creativity and solid experience *still* matter big time! And let's not forget, security *solely* reliant on AI is just plain wrong. Seriously, certificates or no certificates, a company is NOT secure without good old-fashioned manual pentesting.What are your thoughts? 🤔 <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

Sean Martin 🎙️✨:verified_paw: :donor:Hackers are taking action where others have failed—warning ransomware victims, exposing AI security flaws, and questioning biohacking ethics. Should policymakers pay more attention to hacker research? Listen now and decide. <a href="https://youtu.be/K2Y_cLxhMuw" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/K2Y_cLxhMuw</a><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#defcon</a> <a href="https://infosec.exchange/tags/defcon32" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#defcon32</a> <a href="https://infosec.exchange/tags/HackersAlmanack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackersAlmanack</a>

nonlinearSolutions? Allow-lists (members can only connect with approved third-parties), app transparency (good luck with that), certifications (or, social allow-lists).Model Context Protocol adoption will usher an ecology of highly specialized AI tools, and that's a good thing. But can we have it with privacy?Thoughts?<a href="https://social.praxis.nyc/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIsecurity</a> <a href="https://social.praxis.nyc/tags/TechEthics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechEthics</a> <a href="https://social.praxis.nyc/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a>

Giskard◆ Hallucination and factual accuracy ◆ Bias and fairness ◆ Resistance to adversarial attacks ◆ Harmful content preventionThe LLM Benchmark incorporates diverse linguistic and cultural contexts to ensure comprehensiveness, and representative samples will be open-source. Read about our methodology, and early findings: <a href="https://gisk.ar/3CRFdeB" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gisk.ar/3CRFdeB</a> We will be sharing more results in the coming months 👀<a href="https://fosstodon.org/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://fosstodon.org/tags/AITesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AITesting</a> <a href="https://fosstodon.org/tags/LLMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LLMs</a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

LMG SecurityOpen Source AI Models are a growing cybersecurity risk.Organizations are increasingly using AI models from repositories like Hugging Face and TensorFlow Hub—but are they considering the hidden cybersecurity risks? Attackers are slipping malicious code into AI models, bypassing security checks, and exploiting vulnerabilities.New research shows that bad actors are leveraging open-source AI models to introduce backdoors, execute arbitrary code, and even manipulate model outputs. If your team is developing AI solutions, now is the time to secure your AI supply chain by: 🔹 Vetting model sources rigorously 🔹 Avoiding vulnerable data formats like Pickle 🔹 Using safer alternatives like Safetensors 🔹 Managing AI models like any other open-source dependencyAs AI adoption skyrockets, you must proactively safeguard your models against supply chain threats. Check out the full article to learn more: <a href="https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.darkreading.com/cyber-risk/open-source-ai-models-pose-risks-of-malicious-code-vulnerabilities</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ArtificialIntelligence</a> <a href="https://infosec.exchange/tags/HuggingFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HuggingFace</a> <a href="https://infosec.exchange/tags/MachineLearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MachineLearning</a> <a href="https://infosec.exchange/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataSecurity</a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GenAI</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/riskmanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#riskmanagement</a>

WinbuzzerMalicious Code Found in AI Models Shared on Hugging Face <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> #<a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/HuggingFace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HuggingFace</a> <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://mastodon.social/tags/PickleSerialization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PickleSerialization</a> <a href="https://mastodon.social/tags/MachineLearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MachineLearning</a> <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> <a href="https://mastodon.social/tags/OpenSourceAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSourceAI</a><a href="https://winbuzzer.com/2025/02/09/malicious-code-found-in-ai-models-shared-on-hugging-face-xcxwbn/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://winbuzzer.com/2025/02/09/malicious-code-found-in-ai-models-shared-on-hugging-face-xcxwbn/</a>

OWASP FoundationReady to Secure AI Systems? Join Our 3-Day Hands-On Training at OWASP Global AppSec EU 2025!Dive into AI/ML Whiteboard Hacking with expert Sebastien Deleersnyder from May 26-28, 2025 in Barcelona.Designed for AI engineers, developers, architects, and security professionals, this intermediate-level training will equip you with practical skills to identify AI-specific threats.<a href="https://owasp.glueup.com/event/123983/register" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://owasp.glueup.com/event/123983/register</a><a href="https://infosec.exchange/tags/AppSecEU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppSecEU</a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/AISECURITY" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISECURITY</a>

Michał "rysiek" Woźniak · 🇺🇦I am reading up on abliterations: <a href="https://huggingface.co/blog/mlabonne/abliteration" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://huggingface.co/blog/mlabonne/abliteration</a>Still trying to wrap my head around the consequences of this. But......I kinda feel like abliterations have implications also for prompt injections?As in, it feels like abliterations could mean that it is simply impossible to secure an LLM from prompt injection?I'm sure I am misunderstanding stuff here. Anyone any input on this?<a href="https://mstdn.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://mstdn.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a>

BGDoncasterDeepSeek Exposed! Open HTTP ports linked to publicly exposed database, accessible without any authentication at all, allowed full control over database operations - a good thing? NOT! Sensitive data out in the open. <a href="https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak</a> <a href="https://techhub.social/tags/WIZ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WIZ</a> <a href="https://techhub.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://techhub.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://techhub.social/tags/DeepSeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DeepSeek</a> <a href="https://techhub.social/tags/database" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#database</a> <a href="https://techhub.social/tags/chathistory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#chathistory</a> <a href="https://techhub.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://techhub.social/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIsecurity</a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Sooraj SathyanarayananMark my words: AI agents will be the talk of 2025. With each new capability, the attack surface grows. Attackers can poison training data, manipulate decision logic, or use deceptive inputs to trigger unintended behaviors. One compromised agent can infiltrate entire networks. We need adversarial testing and monitoring before deployment.<a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> <a href="https://mastodon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a>

23RoCurrently working on a non-profit in <a href="https://mastodon.social/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISecurity</a> ( <a href="https://oais.is" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://oais.is</a> ) with some critical work and are looking for hardware sponsoring. Primarily we are looking for Notebooks that we can run Linux on and burner phones.I've tried to reach out to <a href="https://mastodon.social/tags/tuxedo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tuxedo</a> computers without feedback. Does anyone have a lead on linux focused hardware shops that offer sponsoring for non-profits?<a href="https://mastodon.social/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://mastodon.social/tags/alignment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#alignment</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://mastodon.social/tags/linuxnotebooks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linuxnotebooks</a> <a href="https://mastodon.social/tags/notebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#notebook</a> <a href="https://mastodon.social/tags/hardware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hardware</a> <a href="https://mastodon.social/tags/sponsoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sponsoring</a> <a href="https://mastodon.social/tags/non" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#non</a>-profit <a href="https://mastodon.social/tags/ngo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ngo</a>

Recent searches

Search options

Administered by:

Server stats:

#aisecurity